End user awareness training vendor Secure Now! has equipped its Breach Secure Now! solution with new functionality designed to help organizations determine which of their employees poses the greatest security risk, and then remediate their most dangerous bad habits.
First released May 1st and rolling out gradually to the Morristown, N.J.-based vendor’s customers this month, the new “employee vulnerability assessment” (EVA) feature assigns users an “employee secure score” (ESS) based on how often their credentials show up in the cybercrime black market known as the “dark web,” how diligently they adhere to company security policies, and how well they perform on a newly introduced series of weekly micro-training quizzes, among other variables.
Much like the FICO scores that banks and mortgage lenders use to rank creditworthiness, which served as a model for EVA, the ESS scale runs from 300 to 800. The higher an individual’s score, the less likely they are to endanger corporate assets by falling for a phishing campaign or other attack.
“Employees are always said to be the weakest link in security, but you never know which one,” says Secure Now! President and CEO Art Gross. “We really want to turn the weakest link into the strongest defense.”
Gamification is one of several strategies the new system employs in pursuit of that goal. Employees who participate in awareness training now have access to a “leader board” showing how their score compares to those of anonymously-identified peers.
“People are really interested in moving from a low ESS to a higher ESS, and then trying to get to the top for that company,” says Gross, citing beta test results as evidence. The system highlights specific steps users can take to improve their score.
MSPs and managers can see the same stack-ranked list of risk scores displayed on the leader board, but with real names attached. Detailed information about the specific sources of each employee’s vulnerability is available as well, allowing channel pros and their clients to conduct targeted vulnerability remediation efforts on a person-by-person basis.
EVA functionality is now a standard component of the Breach Prevention Platform (BPP), the premium, all-inclusive edition of Breach Secure Now!, and available at no additional cost. As BPP is a white-labeled product with no published pricing, Gross notes, MSPs who take advantage of EVA functionality have the option of marking up their rates anyway if they choose.
Breach Secure Now! will gain additional functionality next month, including automated phishing education campaigns that run without ongoing administrator input. According to Gross, that feature will be a significant step forward in a long-term effort to turn Breach Secure Now! into a self-managing product.
“We want to get it to set and forget,” he says.
Synchronization with Microsoft Active Directory is slated to become available in June as well. That feature will both simplify user account creation during installation and provide a basis for factoring an employee’s access privileges into their ESS.
Secure Now! plans to add EVA functionality to HIPAA Secure Now!, its training solution for the healthcare vertical, in September.
Breach Secure Now! gained the ability to search the dark web for compromised accounts belonging from up to three domains in January.